Participant

Removing a VLAN from Interface

One of the physical interfaces on an SG 15000 Series firewall cluster is trunked with 1 VLAN, and I need to remove that VLAN and turn off the interface. What is the correct procedure to do that?

Cluster with active/standby setup. Gateways are on GAIA R77.30, managed by R80 CMA.

8 Replies
Advisor

Delete the VLAN interface from the GAiA web portal or clish.

Turn off the physical interface.

All changes must be done on each gateway member.

Then update the topology table in SmartConsole.

0 Kudos
Participant

Gomboragchaa Jamganjav

Should it be removed first on the standby gateway?

After updating the topology table, would a policy push be required?

0 Kudos

If you update topology after removing it from gateways, this will break cluster status for sure!

Participant

Thanks Norbert.

I would like to follow the steps you outlined. Below is my plan:

1) Remove the interface from the topology table in SmartConsole and push the policy.

(Current output of cphaprob -a if is below & cphaprob stat - Active/Standby)

Required interfaces: 4
Required secured interfaces: 1)

After step 1, would the output be as below?

(Current output of cphaprob -a if is below & cphaprob stat - Active/Standby)

Required interfaces: 3
Required secured interfaces: 1)

2) Delete IF from standby (clish)

3) Delete IF from active (clish)

4) Admin down the physical interface on both nodes

0 Kudos
Participant

Delete the VLAN, then admin down the interface on both members.

Would prefer to start with the standby node, especially if the interface/VLAN is set as cluster monitored.

After changes at the firewall node level, update topology on the cluster object in CMA and push policy.

0 Kudos

Hi,

As it is in a cluster, I would suggest following the instructions in sk57100.

 

0 Kudos

sk57100 is a good choice.

But I must admit that I never followed it completely. So I never stopped a member for this type of maintenance.

I normally use the following to remove an interface:

- remove it from topology in cluster object through SmartConsole

- check cphaprob -a if for the change on both members

- delete IF from standby (clish)

- delete IF from active (clish)

0 Kudos
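
The "check cphaprob -a if for the change on both members" step above can be scripted. The following is an added example, not part of any post in this thread and not Check Point code: it parses only the two counter lines quoted earlier in the thread, the sample text is constructed, and the function names and the assumption that the removed VLAN was counted as a required interface are this example's own.

```shell
#!/bin/sh
# Added example: compare the counters printed at the top of `cphaprob -a if`
# before and after the interface is removed from the cluster topology.

# Constructed sample text, built from the two lines quoted in the thread.
BEFORE='Required interfaces: 4
Required secured interfaces: 1'
AFTER='Required interfaces: 3
Required secured interfaces: 1'

# Print the number on the "Required interfaces:" line read from stdin.
required_ifs() {
    awk -F: '/^[ \t]*Required interfaces/ { gsub(/[^0-9]/, "", $2); print $2; exit }'
}

# Print the number on the "Required secured interfaces:" line read from stdin.
required_secured() {
    awk -F: '/^[ \t]*Required secured interfaces/ { gsub(/[^0-9]/, "", $2); print $2; exit }'
}

# check_member BEFORE_TEXT AFTER_TEXT REMOVED_COUNT
# Returns 0 if the required count dropped by exactly REMOVED_COUNT and the
# secured (sync) count is unchanged, 1 on an unexpected delta, 2 if a counter
# line is missing, 3 if the secured count changed.
check_member() {
    b=$(printf '%s\n' "$1" | required_ifs)
    a=$(printf '%s\n' "$2" | required_ifs)
    sb=$(printf '%s\n' "$1" | required_secured)
    sa=$(printf '%s\n' "$2" | required_secured)
    [ -n "$b" ] && [ -n "$a" ] && [ -n "$sb" ] && [ -n "$sa" ] || return 2
    [ "$sb" -eq "$sa" ] || return 3
    [ $((b - a)) -eq "$3" ] || return 1
    return 0
}

# On each member (expert mode) the inputs would be captured with, for example:
#   before=$(cphaprob -a if)   # prior to the policy push
#   after=$(cphaprob -a if)    # after the policy push
if check_member "$BEFORE" "$AFTER" 1; then
    echo "required interface count dropped by 1, sync count unchanged"
else
    echo "unexpected counters: stop before deleting the interface in clish"
fi
```

Run the check on both members and continue to the clish deletion only when both report the same result.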

These seem to be good steps.

0 Kudos